From IIS 8.5 Server Security Technical Implementation Guide
Part of SRG-APP-000516-WSR-000079
Associated with: CCI-000366
During installation of the web server software, accounts are created for the web server to operate properly. The accounts installed can have either no password installed or a default password, which will be known and documented by the vendor and the user community.
Access the IIS 8.5 web server. Access Apps menu. Under Administrative Tools, select Computer Management. In left pane, expand "Local Users and Groups" and click on "Users". Review the local users listed in the middle pane. If any local accounts are present and are used by IIS 8.5 verify with System Administrator that default passwords have been changed. If passwords have not been changed from the default, this is a finding.
Access the IIS 8.5 web server. Access Apps menu. Under Administrative Tools, select Computer Management. In left pane, expand "Local Users and Groups" and click on "Users". Change passwords for any local accounts are present and are used by IIS 8.5 verify with System Administrator that default passwords have been changed. Develop an internal process for changing passwords on a regular basis.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer